Buffer Overflows 


Objectives 


• Define what buffer overflows are
• Describe how shellcode is used in buffer overflow exploits


What are buffer overflows? 


• Applications run in memory


• Memory locations can contain information, variables or program
data


• If that data is overwritten through a programming error, other code can be
injected, giving access to other programs or the operating system


• NIST Glossary of Key Information Security Terms defines a buffer
overflow as:


“A condition at an interface under which more input can be placed 
into a buffer or data holding area than the capacity allocated, 
overwriting other information. Attackers exploit such a condition to 
crash a system or to insert specially crafted code that allows them 
to gain control of the system.” 


Basics 


• A programming error allows data to be written
beyond the intended length of the buffer


• This overwrites other memory locations
• Can lead to corruption of data
• Can lead to privilege escalation when the overwritten memory holds control
data, such as a return address or a flag the program trusts


How buffer overflows are found 


• Testing or fuzzing
• Reverse engineering of code
• Looking at program execution


• Once a vulnerability is found, the attacker can put their
own data in the buffer
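The two slides above, worked in code. This is an added example, not part of the original deck: a constructed `login_frame` whose 8-byte username buffer sits directly in front of an authentication flag, an unchecked copy that runs past the buffer into the flag, the bounded copy that fixes it, and a minimal length-sweep fuzzer of the kind the "testing or fuzzing" bullet refers to. The struct, the function names and the 'A' inputs are all assumptions made for the example; the copy is written through a byte view of the whole frame only so that the overwrite is deterministic and stays inside the struct.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical login record, constructed for this example. The 8-byte
 * username buffer sits directly in front of the "authenticated" flag,
 * just as a local array can sit in front of other locals, the saved
 * frame pointer and the return address in a real stack frame.
 */
struct login_frame {
    char     username[8];
    uint32_t authenticated;   /* 0 = not logged in, nonzero = logged in */
};

/*
 * Vulnerable copy: the only length it looks at is the input's, never the
 * destination's. Bytes are written through an unsigned char view of the
 * whole frame so that the overwrite of the neighbouring field is
 * deterministic and stays inside the struct; the bug itself, no check
 * against sizeof username, is the one the slides describe.
 */
static void copy_username_unsafe(struct login_frame *f, const char *input)
{
    unsigned char *frame = (unsigned char *)f;
    size_t n = strlen(input) + 1;          /* includes the terminator */
    if (n > sizeof *f)                     /* demo guard only: never leave the frame */
        n = sizeof *f;
    memcpy(frame, input, n);               /* runs past username[] into authenticated */
}

/* Fixed copy: checks against the destination size and refuses oversized input. */
static int copy_username_safe(struct login_frame *f, const char *input)
{
    size_t n = strlen(input);
    if (n >= sizeof f->username)
        return -1;                         /* reject rather than silently truncate */
    memcpy(f->username, input, n + 1);
    return 0;
}

/* Vulnerable path: returns 1 if the copy turned the flag on, 0 if not. */
int login_unsafe(const char *input)
{
    struct login_frame f;
    memset(&f, 0, sizeof f);
    copy_username_unsafe(&f, input);
    return f.authenticated != 0;
}

/* Fixed path: returns -1 if the input was rejected, otherwise the flag (always 0 here). */
int login_safe(const char *input)
{
    struct login_frame f;
    memset(&f, 0, sizeof f);
    if (copy_username_safe(&f, input) != 0)
        return -1;
    return f.authenticated != 0;
}

/*
 * Minimal length-sweep fuzzer: feed 1..max_len-1 'A's to the vulnerable
 * path and report the shortest input that flips the flag (0 if none does).
 * An 8-character name already writes its terminator one byte past the
 * buffer, but this oracle cannot see that off-by-one because the byte
 * written is zero; fuzzers pair input generation with a memory checker
 * for exactly that reason.
 */
int fuzz_min_overflow_length(int max_len)
{
    char input[64];
    for (int len = 1; len < max_len && len < (int)sizeof input; len++) {
        memset(input, 'A', (size_t)len);
        input[len] = '\0';
        if (login_unsafe(input))
            return len;
    }
    return 0;
}

int main(void)
{
    printf("login_unsafe(\"alice\")       = %d\n", login_unsafe("alice"));
    printf("login_unsafe(12 x 'A')       = %d\n", login_unsafe("AAAAAAAAAAAA"));
    printf("login_safe(12 x 'A')         = %d\n", login_safe("AAAAAAAAAAAA"));
    printf("shortest flag-flipping input = %d bytes\n", fuzz_min_overflow_length(32));
    return 0;
}
```

Twelve 'A's fill the buffer and land 0x41414141 in the flag, so the vulnerable path reports a login that never happened; the fixed path rejects the same input outright. The fuzzer finds 9 bytes as the shortest flag-flipping input, one more than the buffer, because the 8-byte case only overwrites the flag's low byte with the terminator.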


Shellcode 


• Shellcode is the code an attacker injects, usually to
gain access to part of the operating system (classically, to spawn a shell)


• It is placed in the buffer that is overwritten


• An attacker must understand how the shellcode works
and what the underlying architecture is in order to
exploit the overflow
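How shellcode is laid out inside the overwritten buffer, as an added example that is not from the original deck. The target is hypothetical: an x86-64 function with a 64-byte local buffer followed by the saved frame pointer and the return address, and the sled address is an assumed stack address. The "shellcode" is a placeholder of int3 breakpoint bytes, not working shellcode; what the block demonstrates is the payload layout (NOP sled, shellcode, little-endian return address pointing into the sled) and the zero-byte constraint that any payload delivered through a C-string copy has to respect.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical target, all numbers assumed for this example: an x86-64
 * function with a 64-byte local buffer, followed on the stack by the
 * 8-byte saved frame pointer and the 8-byte return address.
 */
#define BUF_SIZE        64
#define SAVED_RBP_SIZE  8
#define RET_ADDR_SIZE   8
#define PAYLOAD_SIZE    (BUF_SIZE + SAVED_RBP_SIZE + RET_ADDR_SIZE)   /* 80 bytes */

/*
 * Stand-in for shellcode: eight x86-64 int3 (0xCC) breakpoint instructions,
 * so that if it ever executed under a debugger it would stop rather than
 * do anything. Real shellcode is machine code for one specific
 * architecture and OS, which is why the attacker has to know the
 * underlying architecture.
 */
static const unsigned char placeholder_shellcode[8] = {
    0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC
};

/*
 * Classic layout: [NOP sled][shellcode][return address]. The sled and the
 * shellcode fill the buffer and the saved frame pointer; the return address
 * is encoded little-endian (x86-64 byte order) and should point into the
 * sled, so that a guess that is off by a few bytes still lands on NOPs and
 * slides into the shellcode. Returns the payload length, or 0 if the
 * shellcode does not fit.
 */
size_t build_payload(unsigned char *out, size_t out_len,
                     const unsigned char *shellcode, size_t shellcode_len,
                     uint64_t return_address)
{
    if (out_len < PAYLOAD_SIZE || shellcode_len > BUF_SIZE + SAVED_RBP_SIZE)
        return 0;
    size_t sled_len = BUF_SIZE + SAVED_RBP_SIZE - shellcode_len;
    memset(out, 0x90, sled_len);                         /* 0x90 = x86 NOP */
    memcpy(out + sled_len, shellcode, shellcode_len);
    for (size_t i = 0; i < RET_ADDR_SIZE; i++)           /* little-endian encode */
        out[sled_len + shellcode_len + i] = (unsigned char)(return_address >> (8 * i));
    return PAYLOAD_SIZE;
}

/* Decode the return-address field of a payload, to check the layout. */
uint64_t payload_return_address(const unsigned char *payload)
{
    uint64_t v = 0;
    for (size_t i = 0; i < RET_ADDR_SIZE; i++)
        v |= (uint64_t)payload[BUF_SIZE + SAVED_RBP_SIZE + i] << (8 * i);
    return v;
}

/*
 * A payload delivered through a C-string copy (strcpy, gets, sprintf) is
 * cut off at its first zero byte, so any zero inside the sled, the
 * shellcode or the low bytes of the address breaks the exploit. Returns
 * how many leading bytes would survive such a copy.
 */
size_t bytes_before_first_nul(const unsigned char *payload, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (payload[i] == 0)
            return i;
    return len;
}

/* Build the demo payload into static storage for a given (assumed) sled address. */
const unsigned char *demo_payload(uint64_t return_address)
{
    static unsigned char payload[PAYLOAD_SIZE];
    build_payload(payload, sizeof payload, placeholder_shellcode,
                  sizeof placeholder_shellcode, return_address);
    return payload;
}

int main(void)
{
    /* Assumed stack address inside the sled; note the nonzero low byte. */
    const unsigned char *p = demo_payload(0x7fffffffe010ULL);
    printf("payload bytes: %d, sled: %d NOPs, return address 0x%llx at offset %d\n",
           PAYLOAD_SIZE, BUF_SIZE + SAVED_RBP_SIZE - 8,
           (unsigned long long)payload_return_address(p), BUF_SIZE + SAVED_RBP_SIZE);
    printf("bytes a strcpy would deliver: %zu of %d\n",
           bytes_before_first_nul(p, PAYLOAD_SIZE), PAYLOAD_SIZE);
    return 0;
}
```

With the sled address 0x7fffffffe010 the first zero byte is the seventh byte of the address, so a strcpy delivers 78 of the 80 bytes, which is enough because the two top bytes of a user-space stack address are already zero. Aim at 0x7fffffffe000 instead and the copy stops at byte 72, before any of the return address is written; choosing addresses and encodings with no embedded zeros is part of the architecture knowledge the slide refers to.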


Targeted services 


• System services
• Network services
• Common libraries


What can a shell do 


• Launch remote sessions


• Launch reverse remote sessions - more common when inbound connections
to the system are blocked, so the target connects out to the attacker instead


• Tear down other defenses such as antivirus and firewalls


Why buffer overflows so prevalent 


• Coders can be lazy
• Coders may use lower level languages such as C, which do no bounds checking


• Programmers may not
  • Audit
  • Test
  • Weigh performance against security


Common defenses 


• Compile time
  • Stack protection - StackGuard (compiler-inserted stack canaries)
  • Safe library use
• Run time
  • Memory randomization (ASLR)
  • Operating system memory protection - EMET (now retired; its mitigations
    live on in Windows Defender Exploit Guard)
• How to protect your organization
  • Don't run all the software you can!
  • Use protection mechanisms, especially on servers
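The stack-protection bullet, worked as an added example that is not from the original deck. The frame layout is modelled on what StackGuard-style compilers (gcc's -fstack-protector) produce: a canary word placed between the local buffer and the control data behind it, checked before the function returns. The canary value, the stand-in "saved return" value and the struct are all constructed for the example; a real canary is a random per-process value. ASLR and EMET are not modelled here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical frame layout modelled on what a stack-protecting compiler
 * (StackGuard, gcc -fstack-protector) produces: the local buffer is
 * placed right below a canary word, and the canary sits between the
 * buffer and the control data it could otherwise reach. Here a plain
 * integer stands in for the saved return address. A real canary is a
 * random value chosen at process start; this fixed one is constructed
 * for the example, with a zero low byte as glibc's canary has, so that
 * a C-string copy cannot overwrite it without also placing its
 * terminator there.
 */
#define DEMO_CANARY       0x5A3C9E1F2B7D4C00ULL
#define DEMO_SAVED_RETURN 0x401234ULL

struct guarded_frame {
    char     buf[16];
    uint64_t canary;
    uint64_t saved_return;    /* stand-in for the return address */
};

/*
 * The same unbounded copy an unprotected program would perform, through a
 * byte view of the frame; the cap at sizeof *f is only so that the demo
 * never leaves the struct.
 */
static void unbounded_copy(struct guarded_frame *f, const char *input)
{
    unsigned char *frame = (unsigned char *)f;
    size_t n = strlen(input) + 1;
    if (n > sizeof *f)
        n = sizeof *f;
    memcpy(frame, input, n);
}

/*
 * Protected function: the compiler-inserted epilogue compares the canary
 * with its original value before the function returns. Returns 0 for a
 * normal return, 1 when the canary changed; a real build would call
 * __stack_chk_fail() and abort at that point instead of returning into
 * attacker-controlled data.
 */
int handle_with_canary(const char *input)
{
    struct guarded_frame f;
    memset(&f, 0, sizeof f);
    f.canary = DEMO_CANARY;
    f.saved_return = DEMO_SAVED_RETURN;
    unbounded_copy(&f, input);
    if (f.canary != DEMO_CANARY)
        return 1;                          /* stack smashing detected */
    return 0;
}

/*
 * Same frame, no check: returns 1 if the copy reached the saved return
 * address, the point at which an unprotected program would jump into the
 * attacker's data on return.
 */
int handle_without_canary(const char *input)
{
    struct guarded_frame f;
    memset(&f, 0, sizeof f);
    f.canary = DEMO_CANARY;
    f.saved_return = DEMO_SAVED_RETURN;
    unbounded_copy(&f, input);
    return f.saved_return != DEMO_SAVED_RETURN;
}

/* Probe helper: run either path on a string of len 'A's (len must be < 64). */
int probe(int len, int with_canary)
{
    char input[64];
    if (len < 0 || len >= (int)sizeof input)
        return -1;
    memset(input, 'A', (size_t)len);
    input[len] = '\0';
    return with_canary ? handle_with_canary(input) : handle_without_canary(input);
}

int main(void)
{
    const int lengths[] = { 5, 16, 17, 23, 24 };
    for (size_t i = 0; i < sizeof lengths / sizeof lengths[0]; i++)
        printf("%2d bytes: canary tripped=%d, return address reached=%d\n",
               lengths[i], probe(lengths[i], 1), probe(lengths[i], 0));
    return 0;
}
```

The copy has to pass through the canary to reach the saved return address, so the check fires at 17 bytes while the return address is not touched until 24: the protected function aborts before the corrupted control data is ever used. A 16-byte input overwrites only the canary's zero low byte with the string terminator, which is undetected but also harmless, the reason the low byte is kept zero.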


